Menu

The best way to

Allow SVG Uploads in WordPress

30 day money back guarantee. Includes one year of support and updates.

Features

Sanitised SVGs

Don't open up security holes in your WordPress site by allowing uploads of unsanitised files.

SVGO Optimisation

You'll have the option to run your SVGs through our SVGO server on upload to save you space.

Add Inline SVGs

You have the ability to insert SVG files inline into your page to allow you to style them using CSS or hook into them with JavaScript.

View SVGs in the Media Library

Gone are the days of guessing which SVG is the correct one, we'll enable SVG previews in the WordPress media library.

Choose Who Can Upload

Restrict SVG uploads to certain users on your WordPress site or allow them to all.

Scan Previously Uploaded Files

Scan SVG files that were uploaded prior to the plugin being added. This means you can still get the full benefit of WP SVG across the board, even if you were late to the party!

What People Say

A couple of testimonials from people using WP SVG in the wild!

At Information is Beautiful we use WP-SVG to ensure our readers get great-looking content across all devices. From a technical point of view the plugin does exactly what it says on the tin, making safe, sanitized svg uploads a total breeze. In addition, the support we’ve received has been second to none and on the rare occasions where we’ve had to get in touch Daryll has gone above and beyond to make sure any issues have been solved almost immediately. Highly recommended!

Why Choose WP SVG?

Why should you choose WP SVG over any of the free plugins out there and isn't it just a line of code to allow SVG uploads?

SVGs are inherently insecure, this is because contrary to what a lot of people believe, SVG is not an image format. SVG is actually document format, more specifically a standalone XML application. For example, SVG files allows JavaScript to be embedded and SVG readers, i.e. your browser, are expected to execute it.

Because SVG is also an XML based format, when you allow SVG uploads you also open up your server to XML based attacks. These attacks affect not only your website but also the server it resides on.

Security researcher Mario Heiderich wrote a talk on SVG security that shows how JavaScript embedded within an SVG managed to call him on Skype.

Now you now a little about SVG security, why should you use WP SVG over the other options out there?

WP SVG has a sanitisation library built in to it. This library is built and maintained by myself separately to the WP SVG plugin, meaning that we can get more eyes on the sanitiser to potentially help fix any bugs that are found. If sanitisation wasn't enough, WP SVG also gives you the option to restrict the ability to upload SVGs to WordPress to certain users.

I also have a free version available in the WordPress Plugin directory. This free plugin utilises the same sanitisation library as WP SVG so please at least use that!